[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Snort logging portscans from dns

Any ideas why Snort is logging portscans from 2 of my providers
DNS servers?  I see this every day.  Its making only UDP
connections based on the log:

Mar 19 13:00:47 myhost snort: spp_portscan: portscan status
from +216.148.227.68: 6 connections across 1 hosts: TCP(0),
UDP(6)

I think this is due to the DNS servers making several connections
in my firewall/nat gateway in a short period of time.  But I'm
not sure.

thanks,
jc

-- 
Jeff Coppock		Systems Engineer
Diggin' Debian		Admin and User
Reply to: